Inception Hosting
2018-Aug-09 10:50 UTC
Re: [libvirt-users] Mount URL as cdrom/iso KVM/QEMU
Just a quick correction and apologies, the actual issue is that http will not
work, https will so I dont think this is a bug as such I think this is by design
likely for security.
Looking at the man page for qemu-kvm it states http will work with examples
given however only https works, my best guess from looking at the spec file from
the srpm is that it has only been enabled in the centos qemu-kvm-ev with https:
except from spec file:
- Resolves: bz#1132569
(RFE: Enable curl driver in qemu-kvm-rhev: https only)
example working XML except:
<disk type='network' device='cdrom'>
<driver name='qemu' type='raw'/>
<source protocol="https"
name="/debian-cd/current/amd64/iso-cd/debian-9.5.0-amd64-netinst.iso">
<host name="mirror.bytemark.co.uk" port="443"/>
</source>
<target dev='hdb' bus='ide' tray='closed'/>
<readonly/>
I have tested this on a base install with the regular packages and can confirm
that it works fine over https.
Thanks again and sorry for any confusion caused.
________________________________
From: Daniel P. Berrangé <berrange@redhat.com>
Sent: 09 August 2018 11:29:25
To: Inception Hosting
Cc: Vasiliy Tolstov; libvirt-users@redhat.com
Subject: Re: [libvirt-users] Mount URL as cdrom/iso KVM/QEMU
On Thu, Aug 09, 2018 at 10:20:54AM +0000, Inception Hosting
wrote:> Resolved this morning,
>
>
> the issue is that the qemu-kvm-ev rpm's released by centos have not
> been compiled with curl support, I rebuild it myself from source with
> curl support and it works fine now.
Hmm that's bad, because if curl was disabled, we really want to have
QEMU refuse to startup, rather than start & give you an inaccessible
file. So this feels like a QEMU bug to me that ought to be reported.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Daniel P. Berrangé
2018-Aug-09 11:27 UTC
Re: [libvirt-users] Mount URL as cdrom/iso KVM/QEMU
On Thu, Aug 09, 2018 at 10:50:46AM +0000, Inception Hosting wrote:> Just a quick correction and apologies, the actual issue is that http > will not work, https will so I dont think this is a bug as such I > think this is by design likely for security. > > > Looking at the man page for qemu-kvm it states http will work with > examples given however only https works, my best guess from looking > at the spec file from the srpm is that it has only been enabled in > the centos qemu-kvm-ev with https:Yes, the qemu RPMs in centos & RHEL have disabled support for http:// protocol, however, I expect that to immediately fail when trying to start the guest. eg # /usr/libexec/qemu-kvm -drive file=http://example.com/foo/bar -accel tcg qemu-kvm: -drive file=http://example.com/foo/bar: Driver 'http' is not whitelisted so I'm puzzelled why your guest successfully started at all with a http protocol in use. Are you able to share your QEMU log from /var/log/libvirt/qemu/$GUESTNAME.log from a VM that fails to launch with http ? Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
Inception Hosting
2018-Aug-09 11:46 UTC
Re: [libvirt-users] Mount URL as cdrom/iso KVM/QEMU
Hi Daniel, I have noticed that it will fail exactly as you said if <cdrom> is first in the boot order, if <hd> is first in the boot order the XML validates and it starts as usual. first in log except below is with cdrom set to first in boot order, second is with hd set first. 2018-08-09 11:39:28.625+0000: starting up libvirt version: 3.9.0, package: 14.el7_5.6 (CentOS BuildSystem <http://bugs.centos.org>, 2018-06-27-14:13:57, x86-01.bsys.centos.org), qemu version: 2.10.0(qemu-kvm-ev-2.10.0-21.el7_5.4.1), hostname: devnode9.com LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name guest=kvm104,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-82-kvm104/master-key.aes -machine pc-i440fx-rhel7.5.0,accel=kvm,usb=off,dump-guest-core=off -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 5827d6a9-ef0e-4331-9d0e-fa742c70d596 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-82-kvm104/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=http://distro.ibiblio.org:80/puppylinux/puppy-xenial/32/xenialpup-7.5-uefi.iso,format=raw,if=none,id=drive-ide0-0-1,readonly=on -device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1,bootindex=2 -drive file=/dev/Kvmvol/kvm104_img,format=raw,if=none,id=drive-virtio-disk0,cache=none -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=30,id=hostnet0,vhost=on,vhostfd=32 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:16:3c:07:e0:c9,bus=pci.0,addr=0x3 -device usb-tablet,id=input0,bus=usb.0,port=1 -vnc 0.0.0.0:4,password -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg timestamp=on 2018-08-09T11:39:28.690350Z qemu-kvm: -drive file=http://distro.ibiblio.org:80/puppylinux/puppy-xenial/32/xenialpup-7.5-uefi.iso,format=raw,if=none,id=drive-ide0-0-1,readonly=on: Driver 'http' is not whitelisted 2018-08-09 11:39:28.699+0000: shutting down, reason=failed 2018-08-09 11:40:04.963+0000: starting up libvirt version: 3.9.0, package: 14.el7_5.6 (CentOS BuildSystem <http://bugs.centos.org>, 2018-06-27-14:13:57, x86-01.bsys.centos.org), qemu version: 2.10.0(qemu-kvm-ev-2.10.0-21.el7_5.4.1), hostname: devnode9.com LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name guest=kvm104,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-83-kvm104/master-key.aes -machine pc-i440fx-rhel7.5.0,accel=kvm,usb=off,dump-guest-core=off -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 5827d6a9-ef0e-4331-9d0e-fa742c70d596 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-83-kvm104/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive if=none,id=drive-ide0-0-1,readonly=on -device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1,bootindex=2 -drive file=/dev/Kvmvol/kvm104_img,format=raw,if=none,id=drive-virtio-disk0,cache=none -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=30,id=hostnet0,vhost=on,vhostfd=32 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:16:3c:07:e0:c9,bus=pci.0,addr=0x3 -device usb-tablet,id=input0,bus=usb.0,port=1 -vnc 0.0.0.0:4,password -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -msg timestamp=on So my best guess based on the logs is that http is simply being ignored when it is not set to primary, not sure if that is the desired behavior. Cheers. ________________________________ From: Daniel P. Berrangé <berrange@redhat.com> Sent: 09 August 2018 12:27 To: Inception Hosting Cc: Vasiliy Tolstov; libvirt-users@redhat.com Subject: Re: [libvirt-users] Mount URL as cdrom/iso KVM/QEMU On Thu, Aug 09, 2018 at 10:50:46AM +0000, Inception Hosting wrote:> Just a quick correction and apologies, the actual issue is that http > will not work, https will so I dont think this is a bug as such I > think this is by design likely for security. > > > Looking at the man page for qemu-kvm it states http will work with > examples given however only https works, my best guess from looking > at the spec file from the srpm is that it has only been enabled in > the centos qemu-kvm-ev with https:Yes, the qemu RPMs in centos & RHEL have disabled support for http:// protocol, however, I expect that to immediately fail when trying to start the guest. eg # /usr/libexec/qemu-kvm -drive file=http://example.com/foo/bar -accel tcg qemu-kvm: -drive file=http://example.com/foo/bar: Driver 'http' is not whitelisted so I'm puzzelled why your guest successfully started at all with a http protocol in use. Are you able to share your QEMU log from /var/log/libvirt/qemu/$GUESTNAME.log from a VM that fails to launch with http ? Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| [https://c1.staticflickr.com/1/873/40602347890_5a83293856_b.jpg]<https://www.flickr.com/photos/dberrange> Daniel | Flickr<https://www.flickr.com/photos/dberrange> www.flickr.com Explore Daniel's 1,578 photos on Flickr! |: https://libvirt.org -o- https://fstop138.berrange.com :| libvirt: The virtualization API<https://libvirt.org/> libvirt.org libvirt, virtualization, virtualization API |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| [https://scontent-cdt1-1.cdninstagram.com/vp/4ba54fb8119ad17c3b0a98321c357a2d/5BF2CDF5/t51.2885-19/s150x150/20968587_481132782267587_5503861153710735360_a.jpg]<https://www.instagram.com/dberrange> Daniel Berrangé (@dberrange) • Instagram photos and videos<https://www.instagram.com/dberrange> www.instagram.com 178 Followers, 60 Following, 136 Posts - See Instagram photos and videos from Daniel Berrangé (@dberrange)